Thousands of users' Instagram passwords exposed due to a website

Thousands of users' Instagram passwords exposed due to a website

Instagram is talking about itself with interesting news these days. The social media initiative that a user put into service to increase their Instagram followers revealed the passwords of thousands of Instagram accounts. It is a matter of curiosity how the repercussions will be.


SocialCaptain kept the passwords of Instagram accounts in unprotected plain text, according to information obtained this week by the online publisher TechCrunch, the well-known technology industry. Users viewing the web page source code on their SocialCaptain profile page could see their Instagram usernames and passwords straight as long as they linked their accounts to the platform.

A website error that occurred allowed a SocialCaptain user to access their information without having to log in to their profile. Since user account IDs are mostly consecutive, it was also possible to access any user's account and easily view their Instagram password and other account information.

According to Webtekno, a security researcher who did not want to be named warned TechCrunch about the vulnerability and created a table of about 10,000 user accounts. There were about 4,700 Instagram usernames and passwords in the spreadsheet. The rest of the records included only the user's name and email address. It is stated that the data is also the type that shows whether the accounts are free trial or paid premium account and that the billing addresses of the customers are present in most of these premium accounts.

It was announced that the researchers confirmed the error by creating a fake Instagram account, linking the account to the SocialCaptain site, and viewing the web page source code of the profile on the site. After TechCrunch reported the error, SocialCaptain reported that it fixed this vulnerability by blocking direct access to other users' profiles.

"Our analysis shows that the problem has arisen in the last weeks when accounts have been made temporarily accessible without authentication with the third-party email service," said Anthony Rogers, SocialCaptain's general manager. Rogers, who added that the proceedings were continuing, did not give information about how long the investigation would take.

Follow Us
https://afaworks.com/UserProfile/tabid/42/userId/140856/Default.aspx
http://laser.inf.ethz.ch/2015/index.php?option=com_k2&view=itemlist&task=user&id=719417
https://sciprofiles.com/profile/967975
http://journal2.um.ac.id/index.php/gpji/user/viewPublicProfile/153054